[ExchangeList] Re: pgp or ssl

From: "Jaspreet Singh" <jsjolly@xxxxxxxxx>

To: exchangelist@xxxxxxxxxxxxx

Date: Mon, 10 Jul 2006 20:04:49 +0530

Hi Ara,

Windows does provide encryption and it is tied to your Windows password. The encryption itself is solid, not industrial grade, but solid enough. The major flaw with the Windows encryption system is that as soon as you are logged into your computer, any application or person can decrypt your files. The encryption works seamlessly in the background, which is nice, but opens the user up to an Internet or unauthorized user attack. If a malicious virus, Trojan, or user accesses your computer while you are logged in, it or they will have the same access rights as you. That means they can decrypt every file on your system.

Third Party Tools like PGP protects your files using industrial strength encryption (Paid Versoins) even if they do not still,they keep your files locked until you want them unlocked. There is no seamless encryption. If you are not currently using a certain protected file, it will remain safely locked and cannot be opened by any malicious virus, trojan, or any person who happens to have access to your computer. The vault password must be known to decrypt a protected file, unlike Windows which caches both the encryption & decryption keys in memory so that anyone can access your protected data, even if they don't know your password.

The short answer why people want and need to purchase encryption software, such as PGP instead of using Windows encryption, is because the encryption software is secure and Windows encryption is not. I hope that helps answer your question.

http://www.msexchange.org-------------------------------------------------------Ara,
Go with PGP Desktop, its quite user friendly, and effective. You canencrypt both emails and documents. We've been using it for while, and Iknow many large corporate use PGP Desktop (that's why we chose it ;).)

I need some help to make the right decision. My boss wants to sendemails to a friend which will be probably only once a week. His friendis using PGP so he suggested using pgp with thunder bird as the mailclient.

Since he is going to use it not so often, I thought it might be goodidea to use an encryption method and type the actual email inside a worddocument and encrypt that word document and send it out. This way he
keeps using his current system and only goes through this step whenrequired.